Anything a pen tester can help out with?

Spot on reply. I was getting the impression that @ifindproblems has an issue with P2P networks in general.

Pentesting is usually performed upon servers, correct? Of which SAFEnet is not supposed to have any. :slight_smile:

So finding vulnerabilities in the client and apps is the way to go, to attack the users, because that’s all there is. Revealing their IPs is one way, a la attacks upon bittorrent clients (where the IPs are out in the open).

You will be breaking new ground, going back to the basic questions of what your job really is. Rote scripting won’t do it.

I rather think that “social engineering” will become a more prominent threat. Scams and such, confidence artists, who use multiple-account sock-puppetry, as an example, to con SAFEnet users with money-raising ideas for promoting the network in “freedom” media.

2 Likes

I think I see where he is going with this supposedly circle jerking.
He is thinking about using HYPOTHETICAL client vulnerabilities to create a worm that would infect other safenet users.
If such assumptions and conditionals were met, he thinks basically about getting the biggest botnet of the world.

But also, the lack of conceptual understanding of threat models really makes me doubt his professionalism.

I really don’t understand what you’re trying to accomplish with attacking this person. Should I say your approach is very un-professional?

By the way, is an offer to hack the hell out of the network really so offensive? The whole concept of a safe network is an invitation for exactly that. There will be no better time to find all the exploits than now.

1 Like

I openly invite him to rip it apart, that would be really helpful.
But to KEEP assuming without even bothering to research is a red flag.

At best he is undisciplined to be assuming about problems without even confirming empirically if they are relevant to the issue. ESPECIALLY in a project like this.
As I said before, his approach is akin to launching every single existing FTP exploit on an open port, without even bothering to read the greeting banner… just to realize later on that actually it wasn’t even an FTP server in the first place.
I find it mindblowing that he isn’t applying a single iota of effort to research.

Let me give another less technical analogy, so you can get a feeling of how absurd this sounds:
Imagine a firefighter comes to your shop and says,
“Would you want me to inspect whether your place is fireproof?”
“yes, of course”
“Your place is risky because you don’t have sprinklers”
“I do have sprinklers, just look up”
“But they don’t have water”
“They have water”
“But if it lacked pressure…”
“what the f… would you please like to step inside and check it yourself?”
“Uhm, what about the materials? They are usually flammable”
“This is metal”
“But it would burn if it was wood”
“I said it is metal, I mean just look at it for god’s sake it freaking shines!”
“But if it was paper”
“IT IS NOT PAPER, IT IS METAL look at the damn thing”
“I’m just saying… mkay, so do you have a basement?”
“WE ARE ON A BOAT!”

Do you get my level of frustration?
If you want to inspect, inspect it.

2 Likes

This is pure immaturity being shown by these kids. Certainly doesn’t show well to the newcomers. These kids think they have the right to screen any new member of the forum and, even more hilarious, they think they can give their permission to hack the network.

It’s no wonder MS is having a tough time attracting talent.

ifindproblems doesn’t want to hack the SAFE network, he stated that above …

The real issue here is how people that challenge what MS is doing are met with ridicule and ignorant behavior by community members that should know better.

2 Likes

With the knowledge that this guy shows, seems more a oneself service than a penetration.

Newcomers is one thing, another whole different thing is a guy who boasts to be a pentester and keeps insisting on not even bothering to read the wiki about it.

I’d love to see this Safe Network thing not turned into a religion.

Though I’m happy to see there are many with enough chill for the rest to borrow if only they wanted :joy_cat:

1 Like

It’s kinda funny :innocent:

Funny, I first thought you meant why he/she was trying to attack/hack the user’s computer, when the user actually is the one you can always hack, regardless of the network, protocol or whatnot. Seems I was wrong.

On a side note, there is the idea that safenet could/will eventually turn into an operating system itself, or rather the possibility to use it as such exists in theory. So eventually, even the user’s computer wouldn’t be the weak spot anymore.

I’m pretty sure, as @piluso has mentioned before, that the user (not their computer) will ultimately be the target. Social engineering etc. will probably be the way to go.

You could always chime in, you know. If you’re unhappy with their and now my answers, why don’t you help him/her achieve their goal of finding a theoretical weakness without apparently bothering to read anything?

It is not about being fanatics. As I said, we need to audit (pentest would be a misnomer here) it and attack it.
But if my analogy doesn’t help to get my point, then there is nothing I can do to make you understand that it is a level of messiness that really questions his competency.

regards

The possibility of safenet clients as a vector to propagate a botnet worm is something to ponder though.

2 Likes

Some maybe, but if the intention is to actually get most of the users to spend at least some resources, most computers with vaults would most likely be not very secure.

I would imagine an attack on the dev of a large project like say n99 or decorum (sorry ;)) would be very feasible. If you were able to grab the passwords, wouldn’t that allow you to alter their software, essentially making any computer that executes it a bot or keylogger or whatever? I think I read something like that somewhere, but I can’t remember what the conclusion was…